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(54) High speed internet access 

(57) In an Internet communication between a termi- 
nal 10, and an Internet Service Provider (ISP), 8, ATM 
communication is used. Each ATM message, 35, must 
be processed at each node in the network, 6. According 
to the invention, a plurality of ATM data messages, 35, 
from a terminal, 10 to an ISP, 8, are assembled into a 
single packet, 37, at the edge of the network while main- 



taining the ATM Header, 38. Thus the amount of 
processing to transfer the data across the network, 6, is 
reduced, reducing the load on the network 6. At the ISP, 
8. the packets can "be de-multiplexed and the original 
ATM messages reconstructed. 
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Description 

Technical Field 

This invention relates to a method and arrangement 
of providing high speed data services to a large number 
of users via a communications network. 

Background Art 
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The provision of mass market Internet services 
presents traffic management problems for both tele- 
communications carriers and Internet Service Provid- 
ers. 

At present most private users are connected to the is 
Internet over modems which operate in the voice band. 
These services have low transmission rates and also tie 
up the exchange connection preventing simultaneous 
use of the phone on the same line and loading the 
exchange. 20 

High speed access technologies have emerged 
which make the delivery of fast data and data-like serv- 
ices practical for the mass/broad market. Such technol- 
ogies include transmission technologies such as ADS 
and Hybrid Fibre Coax and multiplexing/Switching tech- 25 
nologies such as A.T.M.. A number of IP based access 
services have been implemented and often use A.T.M. 
as an underlying transport technique. However in these 
implementations, the carriage of services is usually 
based on the Internet Protocol and so the underlying 30 
A.T.M. flows must be terminated at each location at 
which IP traffic is processed. 

Therefore in IP based access networks which use 
A.T.M. as the underlying transport, the advantages of 
using end to end A.T.M. are foregone. 35 

For an A.T.M. end to end based access service, it 
has been necessary to establish individual A.T.M. con- 
nections carrying AAL5 encapsulated data across the 
entire network between each subscriber and their 
ISP(s) of choice. In a mass market deployment of A.T.M. 40 
technology, for example high speed Internet access 
based on A.T.M. to residential subscribers, the number 
of A.T.M. flows can amount to 10s to 100s of thousands 
simultaneously. 

A service provider, such as an Internet Service Pro- 4s 
vider, may need to terminate an individual Information 
flow from each of its subscribers. This requirement 
could be imposed for service reasons, billing reasons, 
security reasons or routing reasons. Typical large ISPs 
must design their systems to cope with up to hundreds so 
of thousands of subscribers. 

In an A.T.M. connected scenario, at least two 
issues arise for service providers: 



1000 or fewer. This maximum number of A.T.M. 
connections is significantly fewer than the number 
of subscribers to a large ISP. - 
The cost of leased public A.T.M. links is generally 
relatively expensive compared with the competitive 
price charged for a single residential internet serv- 
ice. In order to remain viable, ISPs offering high 
speed internet access over A.T.M. would therefore 
require each leased A.T.M. link into the public net- 
work to be shared by a relatively large number of 
residential subscribers. Certainly, the number of 
subscribers sharing a 155 Mbit/s link (for example) 
would need to be much greater than 1000. 

Routing in the access network via traditional means 
is unsuitable in a multi service provider environment or 
in an environment where the service provider is different 
from the access network provider. This is because 
"routing" is a service which provides a value added con- 
nectivity and could potentially lead to traffic nominally 
served by a particular service provider to bypass or be 
routed around that service provider altogether. 

Other issues arise in an A.T.M. connected scenario 
which affect both access carriers and service providers: 
The logistical and technical difficulty of managing 
individual end to end A.T.M. connections for each sub- 
scriber is significant. Internet standards can be found on 
the Internet at: http://ds1.internic.net/std/ 

A description of the A.T.M. cell and header struc- 
ture is given in the book "Asynchronous Transfer Mode- 
Solution for Broadband ISDN", Martin de Prycker; Pren- 
tice Hall, 3rd ed, 1 995, at page 63 et seq. Essentially the 
information field is relatively small to minimize buffer 
size, and the header is used only to identify the link 
through the next stage, which contains a translation 
table to replace the header on the outgoing cells for use 
in the subsequent stage. A.T.M. operates in a connec- 
tion-oriented mode where the virtual connection is iden- 1 
tified by the A.T.M. header and the translation tables. 

Disclosure of the Invention 



A.T.M. interface cards for switches and worksta- 
tions terminate a finite maximum number of simul- 
taneous A.T.M. connections. Typically, this 
maximum number of connections is of the order of 
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It is desirable to extend higher speed links to broad 
or mass market data services. This specification dis- 
closes an architecture capable of delivering Internet and 
other data services to hundreds of thousands of sub- 
scribers. In our preferred solution the Internet subscrib- 
ers are linked into a packet network using A.T.M. in an 
end to end manner. In a specific embodiment the A.T.M. 
link is implemented using ADS over the copper pair. 
ADS operates outside the voice bond so this opens the 
possibility of operating a conventional phone and the 
Internet connection simultaneously. An access gateway 
is used within the communications network to terminate 
the A.T.M. connections and map the traffic using multi- 
plexing into a single connection for the ISP. The data 
may be managed at the AAL5 layer level (A.T.M. Adap- 
tation Layer 5) at the user and exchange interface. 
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At the service provider interface, traffic arrives from 
a large number of subscribers multiplexed into a much 
smaller number of A.T.M. flows. Traffic directed from the 
service provider towards the subscribers is multiplexed 
by the service provider into the appropriate flow towards 
that subscriber's access gateway. 

This specification describes an internet communi- 
cation system including a plurality of subscribers con- 
nected to a plurality of service providers via a 
communication network: 

wherein each subscriber is able to communicate 
with a predetermined one (or more) of the service pro- 
viders over a private Individual logical link (or links) or 
data flow (or flows) using a communication protocol: 

wherein data flows from individual subscribers 
are terminated in the communication network close to 
the subscribers and multiplexed together for transmis- 
sion to the predetermined service provider. 

In a preferred arrangement, the connection 
between the user and the exchange utilizes an A.T.M. 
protocol which may, for example, be implemented over 
an ADS or other suitable high speed link. 

In a further embodiment the communications net- 
work includes one or more geographically diverse 
exchange locations around which subscribers in the 
area are grouped through an access network 

In a further embodiment the communication net- 
work includes one or more data gateway devices collo- 
cated with one or more such devices more centrally 
located than the exchange locations and concentrating 
subscriber traffic into a central access network. 

In a fourth embodiment the service providers are 
coupled to the central access network via a high speed 
communication link. 

In a fifth embodiment the service providers are cou- 
pled to the central access network directly or via data 
gateway devices. 

In a sixth embodiment destination address informa- 
tion, or source address information or a combination 
thereof from the communication protocol is used to 
uniquely identify the routing of data packets. 

In a preferred arrangement, the routing means 
within the data gateway are configured to prevent direct 
communication between one subscriber and another 
through the data gateway. 

Also in a preferred arrangement, the routing means 
within the data gateway are configured to prevent direct 
communication between one ISP and another through 
the data gateway. 

In a still further embodiment, when the A.T.M. flows 
are processed in the data gateway, the A.T.M. VP/VC for 
each individual connection is practically terminated but 
a logically unique connection path is maintained across 
the full span of the connection between the subscriber 
and their service provider. 

In yet another embodiment when the A.T.M. flows 
are practically terminated, the A.T.M. VPA/C is stored 
and the A.T.M, VPA/C identifier is used as a basis for 



multiplexing data flows from one or more subscribers 
addressed to a particular service provider into shared 
VPA/C flows between the gateway and service provider. 

In yet another embodiment the A.T.M. flows from a 
s subscriber are terminated at the data gateway to which 
the subscriber is connected, and wherein the said data 
gateway includes tables for use in multiplexing using 
A.T.M. VP/VC identifiers. 

Another embodiment provides that a multiplexing 
w table is used for upstream traffic, and a de-multiplexing 
table is used for downstream traffic. 

Preferably, in the multiplexing tables, each logical 
subscriber connection is associated with only one serv- 
ice provider. Each service provider is preferably associ- 
15 ated with a list of subscribers. 

Optionally, one or more subscribers may have more 
than one logical connection to enable the subscriber to 
connect to more than one service provider. 

In another embodiment the communication network 
20 includes a plurality of data gateways, and wherein there 
is a separate multiplexed VP/VC flow between each 
data gateway and each service provider. 

Preferably, protocol address sharing, for example 
Internet Protocol address sharing, is implemented 
25 within the service provider to facilitate simultaneous 
connection of a large number of subscribers to the net- 
work, for example The Internet, using a much smaller 
number of network addresses. 

In another embodiment the gateway forwards traffic 
30 on the basis of a static connection between the logical 
subscriber port and the service provider. 

In a still further embodiment the gateway forwards 
traffic in the direction from the subscriber towards the 
service provider on the basis of the packet source 
35 address which is an address associated with a corre- 
sponding subscriber. 

In a still further embodiment the gateway forwards 
traffic in the direction from the service provider towards 
the subscriber on the basis of the packet destination 
40 address which is an address associated with a corre- 
sponding subscriber. 

In yet another embodiment the data gateway 
includes a means in the direction from subscriber 
towards ISP to verify the legitimacy of the source 
45 address provided by the subscriber in each subscriber 
packet. 

In yet another embodiment the data gateway 
includes a means to discard packets with illegitimate 
source addresses directed from a subscriber towards 
so an ISP. 

In still another embodiment the data gateway includes a 
means to overwrite the source address before forward- 
ing packets directed from a subscriber towards an ISP 
in which the original packet contains an illegitimate 
55 source address. 

In yet another embodiment the data gateway 
includes a means in the direction from ISP towards sub- 
scriber to verify the legitimacy of the source and desti- 
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nation addresses provided by the ISP in each ISP 
packet. 

In yet another embodiment the data gateway 
includes a means to discard packets with illegitimate 
source or destination addresses directed from an ISP 
towards a subscriber. 

In still another embodiment the data gateway 
includes a means to overwrite the source address 
before forwarding packets directed from an ISP towards 
a subscriber in which the original packet contains an 
illegitimate source address. 

The invention also provides method of implement- 
ing Internet communication in conjunction with the 
above arrangements. 

The invention will be described with reference to the 
connection of a plurality of Internet users to a number of 
Internet Service Providers (ISP), or quasi-ISP such as 
corporations providing telecommuting facilities for their 
employees. The term "service provider" will be used to 
refer to both ISPs and quasi-ISPs. 



Brief Description of the Drawings. 

Figure 1 shows an end to end architecture for a 
mass market Internet access system embodying 
the invention, including a subscriber data network 
exemplified in the drawing as an ADS access net- 
work; 

Figure 2 illustrates the process of transferring data 
from the subscriber to the ISP, via the network. 

Description of the Invention 

Figure 1 is a representation of end to end Internet 
access implemented using the invention. A plurality of 
subscribers 11... 1S or RIM (Remote Integrated Multi- 
plexers) (also known as Metropolitan Area Networks) or 
other data gateways are connected to the host access 
exchange 5 via a data access network 4, A plurality of 
access exchanges. 51... 5E are interconnected through 
data network 6. A plurality of Internet Service Providers 
(ISP) or other types of service provider, 81... 8P, are 
each connected between the Internet, or other data 
infrastructure 9, and the data network 6. 

Each subscriber may have one or more computers, 
10, and modems, 11, each of which may be registered, 
with a different service provider. 

The data access network may include ADS links 
over copper pairs which originate at a gateway such as 
a local exchange or Remote Integrated Multiplexer 
(RIM) connected to the rest of the telecommunications 
network via high capacity links such as optical fibres. 

RIM equipment serves as a point of termination of 
the ADS connection which can be located sufficiently 
close to the subscribers to enable ADS to be used over 
the installed copper pair base at information speeds 
compatible with high speed data services. 

Other high speed links to subscribers may also be 



used, e.g., SDH, Hybrid Fibre Coax-etc. 

Information to be sent to the ISP by the subscriber 
is initially assembled in packet form and then converted 
to an efficient form for transmission. 
s Preferably, communication from the subscriber is 

carried using ATM., packets for transmission being 
divided into A.T.M. cells. 

However, in the telecommunications network, a 
large number of end to end ATM. paths between indi- 
10 vidual subscribers and their ISP's may exhaust 
resources in the A.T.M. switches and be unwieldy to 
manage and maintain. 

The A.T.M. flows from each subscriber are practi- 
cally terminated and remultiplexed into simpler flows to 
15 the service providers close to the edge of the network. 
This may be at the local exchange which is connected to 
a number of RIMs so as to gather sufficient Internet traf- 
fic to provide a worthwhile aggregate load for efficient 
packet transmission. Alternatively, where there is suffi- 
20 cient traffic at the RIM, the subscriber A.T.M. flows may 
be terminated there. 

The remultiplexed packets are forwarded through 
the network at the packet layer. The originating VPA/C 
identifier may be used as the basis for multiplexing so 
25 as to maintain a logically unique end to end relationship 
for each connection between a subscriber and a service 
provider. 

As shown in Figure 2, packets, 34, to be sent from 
the user are converted into A.T.M. format using AAL5 
30 encapsulation and A.T.M. VP/VC addresses, e.g., using 
an A.T.M. card in the user's PC or data modem.'which 
breaks up the packet into A.T.M. cells, 351... 35 V, and 
adds cell headers, 36 1... 36 V, for transmission to the 
exchange network in A.T.M. format. The packet level 
35 source and destination addresses are transmitted with 
other packet header information. 

At the user exchange interface, the A.T.M. user's 
flows are terminated and the data assembled into pack- 
ets 37 including the original packet source and destina- 
40 tion addresses, for onward transmission through the 
network. Specifically for each packet which is proc- 
essed 37,38, reference to the incoming VPA/C is main- 
tained 38 and this reference can be used to simplify 
onward forwarding. In this way, the A.T.M. flow from the 
45 subscriber is practically terminated but the reference to 
VPA/C is not lost. 

The VP/VC reference associates each A.T.M. flow 
on the subscriber's line with a previously assigned ISP 
via a look up table. 
so At the exchange / ISP interface in the direction from 
subscriber to ISP, the VP/VC packet flows from many 
individual subscribers are multiplexed into shared serv- 
ice provider VP/VC packet flows. At the Exchange 
therefore, subscriber's incoming packet is directed 
55 towards an ISP on the basis of its VP/VC identifier 
rather than on the basis of its packet source or destina- 
tion address. 

The data gateway at the exchange may optionally 
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perform a verification of the packet source address pro- 
vided-by the subscriber In order to detect and prevent 
any one subscriber from masquerading as a different 
subscriber. In order to perform an optional source 
address verification, the data gateway includes a 5 
means, such as an association table, which uniquely 
specifies one or more source addresses which that sub- 
scriber is permitted to use in their communication with 
the specific ISP to which that subscriber's connection is 
made. If the packet source address verification indi- w 
cates that the subscriber has specified a source 
address which has not been configured to be permitted 
by the data gateway, the data gateway may discard the 
packet in its entirety or alternately forward a modified 
version of the packet towards the ISP after overwriting 75 
the incorrect source address with an acceptable source 
address from the association table. 

At the exchange / ISP interface in the direction from 
ISP to subscriber, the VP/VC packet flow from each ISP 
is demultiplexed into many individual subscriber VP/VC 20 
packet flows towards the subscribers. At the Exchange 
therefore, ISP's incoming packet is directed towards a 
subscriber on the basis of its packet destination 
address. 

In order to perform an optional ISP packet verifica- 25 
tton and in order to prevent ISPs other than the ISP 
legitimately associated with a specific subscriber con- 
nection from communicating with the subscriber on that 
specific subscriber connection, the data gateway 
includes a means, such as an association table, which 30 
specifies a VP/VC identifier and the permitted ISP 
packet source address or addresses which may be 
used to direct a packet towards the subscriber in con- 
junction with the packet destination address. If the 
VP/VC, source address and destination address verRi- 35 
cation indicates that an ISP is attempting to direct a 
packet towards a subscriber which does not have a spe- 
cific connection to that ISP, the data gateway discards 
the packet in its entirety. 

According to AAL5 protocol, each packet is sent as 40 
a contiguous flow of uninterrupted A.T.M. cells such that 
the cells of one packet are not intermixed with the cells 
of another on the same ISP VP/VC. At the ISP, A.T.M. 
cells are terminated and the data reassembled into 
packets, 40. 45 

Suppose groups of n A.T.M. cells (of size x bytes) 
each with their own header are assembled into a single 
packet (of size y bytes) with a single header, then the 
number of processing operations required through the 
various stages of' the network to convey the data from so 
the subscriber's port at the subscriber's gateway, to the 
service provider's port at the service provider's gateway 
is reduced by a factor of n. 

Claims ss 

1 . An internet communication system including a plu- 
rality of subscribers connected to a plurality of serv- 
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ice providers via a communication network; 
wherein each subscriber is able to communicate 
with a predetermined one of the service providers 
over an individual logical link or data flow using a 
communication protocol; 

wherein data flows from individual subscrib- 
ers are terminated in the communication network 
close to the subscribers and multiplexed together 
for transmission to the predetermined service pro- 
vider. 

2. A system as claimed in claim 1 , wherein the com- 
munications network includes one or more geo- 
graphically diverse exchange locations around 
which subscribers in the area are grouped through 
an access network. 

3. A system as claimed in claims 1 or 2, wherein the 
communication network includes one or more data 
gateway devices collocated with or more centrally 
located than the exchange locations concentrating 
subscriber traffic into a central access network. 

4. A system as claimed in claim 2 or claim 3, wherein 
the service providers are coupled to the central 
access network via a high speed communication 
link. 

5. A system as claimed in any of claims 2 to 4, 
wherein the service providers are coupled to the 
central access network directly or via data gateway 
devices. 

6. A system as claimed in any of claims 1 to 5 wherein 
each subscriber is assigned one or more protocol 
addresses which uniquely identify that subscriber 
within the access and central networks. 

7. A system as claimed in any of claims 1 to 5 wherein 
each service provider is assigned one or more pro- 
tocol addresses which uniquely identify that service 
provider within the access and central networks. 

8. A system as claimed in any one of claims 1 to 7, 
wherein destination address information, or source 
address information or a combination thereof from 
the communication protocol is used to uniquely 
identify the routing of data packets. 

9. A system as claimed in any one of the preceding 
claims, wherein the communication protocol is 
A.T.M.. 

1 0. A system as claimed in claim 9, wherein the A.T.M. 
flows are processed in a data gateway, the A.T.M. 
VP/VC for each individual connection being practi- 
cally terminated, and wherein a logically unique 
connection path is maintained across the full span 
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of the connection between the subscriber and their 
service provider. 

11. A system as claimed in claim 10. wherein when the 
A.T.M. flows are practically terminated, the A.T.M. 5 
VP/VC is stored and the A.T.M. VP/VC identifier is 
used as a basis for multiplexing data flows fromone 
or more subscribers addressed to a particular serv- 
ice provider into shared VP/VC flows between the 
gateway and service provider. 

12. A system as claimed in claim 11, wherein the 
A.T.M. flows from a subscriber are terminated at the 
data gateway to which the subscriber is connected, 
and wherein the said data gateway includes tables 
for use in multiplexing using A.T.M. VP/VC identifi- 
ers. 

13. A system as claimed in claim 12, wherein a multi- 
plexing table is used for upstream traffic, and a de- 20 
multiplexing table is used for downstream traffic. 

14. A system as claimed in claim 12 or claim 13, 
wherein in the multiplexing tables, each logical sub- 
scriber connection is associated with only one serv- 25 
ice provider. 

15. A system as claimed in claim 13, wherein in the 
demultiplexing tables, each service provider is 
associated with a list of subscribers. 30 



f ied in such a manner that they meet the require- 
ments of the security screen. 

21. A system as claimed in any one of claims 1 to 20, 
wherein in the direction from service provider to 
subscriber, the data packet address Information is 
inspected to implement security screening. 

22. A system as claimed in claim 21 wherein packets 
with illegitimate addresses which fail the security 
screen are alternatively either discarded or modi- 
fied in such a manner that they meet the require- 
ments of the security screen. 

23. A system as claimed in any one of claims 1 to 22, 
wherein the gateway forwards traffic on the basis of 
a static connection between the logical subscriber 
port and the service provider. 

24. An Internet communication system substantially as 
herein described with reference to the accompany- 
ing drawings. 

25. A method of transmitting Internet traffic substan- 
tially as herein described with reference to the 
accompanying drawings or as applied in any one of 
the preceding claims. 
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16. A system as claimed in any one of claims 1 to 15, 
wherein one or more subscribers may have more 
than one logical connection to enable the sub- 
scriber to connect to more than one service pro- 35 
vider. 



17. A system as claimed in any one of the preceding 
claims, wherein the communication network 
includes a plurality of data gateways, and wherein 40 
there is a separate multiplexed VP/VC flow between 
each data gateway and each service provider. 

18. A system as claimed in any one of the preceding 
claims, wherein protocol address sharing is imple- 45 
mented within the service provider to facilitate 
simultaneous connection of a large number of sub- 
scribers to the network using a much smaller 
number of network addresses. 

50 

19. A system as claimed in any one of claims 1 to 18, 
wherein in the direction from subscriber to service 
provider, the data packet address information is 
inspected to implement security screening. 

55 

20. A system as claimed in claim 19 wherein packets 
with illegitimate addresses which fail the security 
screen are alternatively either discarded or modi- 
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